We have audited the DEA's management of Enterprise Architecture and IT investments. The audit was conducted in accordance with Government Auditing Standards. As required by the standards, we reviewed management processes and records to obtain reasonable assurance about the DEA's compliance with laws and regulations that, if not complied with, in our judgment, could have a material effect on DEA operations. Compliance with laws and regulations applicable to the DEA's handling of Enterprise Architecture and IT investments is the responsibility of the DEA's management.

Our audit included examining, on a test basis, evidence about laws and regulations. The specific laws and regulations against which we conducted our tests are contained in the relevant portions of the Clinger-Cohen Act of 1996 and OMB Circular A-11, Section 300.

The Clinger-Cohen Act of 1996:

• as applied to the Enterprise Architecture, requires the CIOs for major departments and agencies to develop, maintain, and facilitate the implementation of architectures as a means of integrating business processes and agency goals with IT; and

• as applied to the management of IT investments, defines requirements for capital planning and control of IT investments and mandates a select/control/evaluate approach that federal agencies must follow.

OMB Circular A-11, Section 300:

• as applied to IT investment management, establishes the criteria for completing Exhibits 300, which is the format used to represent the purpose for the proposed investment to agency management and the OMB.

Except for those issues cited in the Finding and Recommendations section of our report, our tests indicated that for those items reviewed, the DEA's management complied with the laws and regulations referred to above. With respect to those items not tested, nothing came to our attention that caused us to believe that the DEA's management did not comply with the laws and regulations cited above.